system/networking.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

{
  lib,
  config,
  ...
}: let
  inherit (lib) mkIf;
  cfg = config.network;
in {
  config = mkIf cfg.enable {
    # ethernet / wifi
    networking.networkmanager.enable = true;
    users.groups.networkmanager.members = [config.user];

    # firewall
    networking.firewall.enable = true;
    networking.firewall.allowedTCPPorts = [80 443 8080];
    networking.nftables.enable = true;

    # dns
    services.resolved.enable = true;
    networking.networkmanager.dns = "systemd-resolved";
  };
}